DETAILED ACTION

Response to Arguments 

1. Applicant's arguments with respect to claims 1-3 and 6-26 have been considered but are
moot in view of the new ground(s) of rejection. 

Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or 
on sale in this country, more than one year prior to the date of application for patent in the United States.

3. Claims 1-3 and 10-26 are rejected under 35 U.S.C. 102(b) as being anticipated by Zhang 
et al. (US-20020174335).

a. Referring to claims 1, 25 and 26:

Regarding claims 1, 25 and 26, Zhang teaches a method for distributing encryption keys 
in a Wireless Local Area Network (WLAN), comprising: receiving, by an authentication device, 
an authentication request containing identification information for identity authentication from a 
mobile host (Para 76. . . authentication server receives authentication request comprising 
identification for user); authenticating said mobile host according to said identification 
information (Para 77-80. . . authentication according to the identification information); 
if authentication fails, sending a message comprising ACCESS REJECT information to said 
mobile host, and if authentication succeeds: sending key-related information M1 to an access
point (AP) wherein the key-related information M1 includes property information associated
with the mobile host (Para 81-82. . . access reject upon authentication failure and upon
authentication success, sending a packet wherein the packet comprises user public key and
encrypted password identifier) [[,]] generating, by said AP, a key based on said key-related
information M1 using a key generation algorithm; and sending a message comprising ACCESS
ACCEPT information to said mobile host (Para 82. . . AP generating a key based on the
information received from the server and sending access_accept packet to the mobile user);
wherein: if the message comprising the ACCESS ACCEPT information comprises key-related
information M2 including said key generated by said AP said key-related information M2 is
encrypted by the AP and is sent to said mobile host along with said ACCESS ACCEPT
information (sending access accept packet to the mobile comprising the key, the user password
encrypted with the PK); and if the message comprising the ACCESS ACCEPT information does
not comprise the key-related information M2, the mobile host generates the key upon receipt of
said message comprising the ACCESS ACCEPT information (Para 82. . . user computes the key
by decrypting encrypted information in access_accept message).
a. Referring to claim 2: 

Regarding claim 2, Zhang teaches the method of claim 1, wherein the mobile host
generates the key according to property information stored in the mobile host with the same key
generation algorithm after said mobile host receives said message comprising the ACCESS
ACCEPT information (Para 82. . . user generates the key by decrypting the information using a
private key of the public key used in encrypting the information).
a. Referring to claim 3: 

Regarding claim 3, Zhang teaches the method of claim 1, wherein said mobile host 
obtains the key through decrypting the key-related information M2 (See the rejection in claim 2).
a. Referring to claims 10, 11, 12, 13 and 14: 

Regarding claims 10, 11, 12, 13 and 14, Zhang teaches the method for distributing
encryption keys in the WLAN of claim 1 wherein said authentication device is an authentication
server installed in external network (Fig 1. . . authentication server in external network).
a. Referring to claims 15, 16, 17, 18 and 19: 

Regarding claims 15, 16, 17, 18 and 19, Zhang teaches the method for distributing 
encryption keys in the WLAN of claim 1 wherein said authentication device is a wireless 
gateway that connects said AP with external network (Para 47. . . authentication and billing 
gateway as the RADIUS server).
a. Referring to claims 20, 21, 22, 23 and 24: 

Regarding claims 20, 21, 22, 23 and 24, Zhang teaches the method for distributing 
encryption keys in the WLAN of claim 1 wherein said authentication device includes a wireless 
gateway and said authentication server installed in external network (Fig 1. . . authentication server
and gateway in the external network). 

Claim Rejections - 35 USC §103 

The text of those sections of Title 35, U.S. Code not included in this action can be found 
in a prior Office action. 

4. Claims 6-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Zhang et al. 
(US-20020174335), and further in view of Wang et al. (US-20030084287).
a. Referring to claims 6-9:

Regarding claims 6-9, Zhang teaches a method of distributing encryption keys wherein a
mobile client authenticates to an authentication server using an identifier and upon successful 
authentication, the authentication server sends key information to the AP to generate a key and the
mobile device can decrypt the key sent from the AP. Zhang does not teach a key update method
wherein the derived key is updated by generating a new key using a shared secret. However,
periodically or aperiodically updating session keys or encryption keys used in communication
between two entities is widely known in the art for ensuring the integrity of keys in case they have
been compromised or fraudulently obtained by a hacker. For instance, Wang et al. discloses a
method for authenticating a roaming device within a network and distributing encryption keys
wherein the key is periodically updated to increase the security of the system. The AP (or the AS
in another embodiment) generates the new key (update key) from the shared secret and sends it to
the client which derives the key from the shared secret. (See Wang, Para 26-28 process for
periodically updating the encryption key in a network). Therefore, one of ordinary skill in the art
would be motivated to modify Zhang's system by adding a key update process as taught by
Wang for the purpose of increasing the security of the system against a compromised key
because if an encryption key is used repeatedly without updating or renewal, an attacker who
successfully compromises the key will have access to the encrypted communications.
a. Referring to claim 6: 

Regarding claim 6, the combination of Zhang and Wang teaches the method for 
distributing encryption keys in the WLAN of claim 1 wherein when receiving data packets 
encrypted with a key sent from the mobile host, said AP updates the key through the following 
steps of: (a1) said AP generating a random number and generating a new key from said random
number with any key generation algorithm; (b1) said AP adding said random number to a key
update message and then sending said message to said mobile host; (c1) when receiving said key
update message, said mobile host generating a new key from said random number contained in
said key update message with the same key generation algorithm as that in step (a1); (d1) said
mobile host encrypting the data packets to be sent to said AP with said new key and then sending
the encrypted data packets to said AP, during the encryption process, said mobile host adding an
encryption identifier to said data packets and changing the value of said encryption identifier to
indicate the communication key has been changed; and (e1) when receiving the data packets from
said mobile host, said AP determines whether to change the key according to value of said
encryption identifier (See Wang, Para 26-28. . . key update process carried out by AP wherein a
new key is generated from a shared secret and sent to a mobile which obtains the new key from 
the shared secret wherein the new key is used for encrypting communication between the AP and 
client). 
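
The key update exchange recited in steps (a1) to (e1), as an added Python example that is not taken from the Office action, Zhang or Wang. The HMAC-SHA256 key derivation from a shared secret and the random number, the SHAKE-256 keystream standing in for the WLAN cipher, the per-packet tag and all class and function names are assumptions made for illustration.

```python
import hashlib, hmac, os

def derive_key(secret: bytes, nonce: bytes) -> bytes:
    # Assumed key generation algorithm shared by the AP and the mobile host.
    return hmac.new(secret, b"key-update" + nonce, hashlib.sha256).digest()

def seal(key: bytes, key_id: int, seq: int, data: bytes) -> tuple:
    # Stand-in cipher (SHAKE-256 keystream XOR) plus an HMAC tag over header and ciphertext.
    hdr = bytes([key_id]) + seq.to_bytes(4, "big")
    ks = hashlib.shake_256(key + hdr).digest(len(data))
    body = bytes(a ^ b for a, b in zip(data, ks))
    return key_id, seq, body, hmac.new(key, hdr + body, hashlib.sha256).digest()

def unseal(key: bytes, packet: tuple):
    key_id, seq, body, tag = packet
    hdr = bytes([key_id]) + seq.to_bytes(4, "big")
    if not hmac.compare_digest(tag, hmac.new(key, hdr + body, hashlib.sha256).digest()):
        return None                          # wrong key or modified packet
    ks = hashlib.shake_256(key + hdr).digest(len(body))
    return bytes(a ^ b for a, b in zip(body, ks))

class MobileHost:
    def __init__(self, secret, key):
        self.secret, self.key, self.key_id = secret, key, 0
    def on_key_update(self, nonce):          # step (c1)
        self.key = derive_key(self.secret, nonce)
        self.key_id ^= 1                     # step (d1): flip the encryption identifier
    def send(self, seq, data):
        return seal(self.key, self.key_id, seq, data)

class AccessPoint:
    def __init__(self, secret, key):
        self.secret, self.key, self.key_id, self.pending = secret, key, 0, None
    def start_key_update(self):              # steps (a1), (b1)
        nonce = os.urandom(16)
        self.pending = derive_key(self.secret, nonce)
        return nonce                         # body of the key update message
    def receive(self, packet):               # step (e1)
        if packet[0] == self.key_id:
            return unseal(self.key, packet)
        if self.pending is None:
            return None                      # identifier changed but no update is pending
        data = unseal(self.pending, packet)
        if data is not None:                 # switch only after the new key verifies
            self.key, self.key_id, self.pending = self.pending, packet[0], None
        return data
```

The AP keeps accepting packets under the present key until a packet carrying the changed identifier verifies under the pending key, so a flipped identifier alone never causes a key switch.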

a. Referring to claim 7:

Regarding claim 7, the combination of Zhang and Wang teaches the method for 
distributing encryption keys in the WLAN of claim 1 wherein in order to achieve encryption 
communication with the new key, when receiving the data packets encrypted with the key sent 
from said mobile host, said AP updates the key periodically or aperiodically through the 
following steps of: (a2) said AP generating a new key in any way and encrypting said new key 
with the present key; (b2) said AP adding the encrypted key to the key update message and then 
sending said message to said mobile host; (c2) when receiving said key update message, said 
mobile host decrypting the new key contained in said key update message with the present key 
so as to obtain said new key; (d2) said mobile host encrypting the data packets to be sent to said 
AP with said new key and then sending the encrypted data packets to said AP, during the 
encryption process, said mobile host adding an encryption identifier to said data packets and 
changing the value of said encryption identifier to indicate the communication key has been
changed; and (e2) when receiving the data packets from said mobile host, said AP determines
whether to change the key according to value of said encryption identifier (See the rejection in
claim 6 and Wang, Para 26 periodically updating the key).

a. Referring to claim 8: 

Regarding claim 8, the combination of Zhang and Wang teaches the method for 
distributing encryption keys in the WLAN of claim 1 wherein when receiving the data packets 
encrypted with the key sent from said mobile host, said AP updates the key periodically or 
aperiodically through the following steps of: (a3) said authentication device generating a random 
number which is used to generate a new key with the key generation algorithm, and then said 
authentication device sending said new key to said AP, and sending said random number to said 
mobile host via said AP; (b3) said AP sending said key update message to said mobile host after 
receiving said new key; (c3) when receiving said random number from said authentication
device and said key update message from AP, said mobile host generating a new key from said 
random number with the same key generation algorithm as that in step (a3); (d3) said mobile 
host encrypting the data packets to be sent to said AP with said new key and then sending the 
encrypted data packets to said AP, during the encryption process, said mobile host adding an 
encryption identifier to said data packets and changing the value of said encryption identifier to 
indicate the communication key has been changed; and (e3) when receiving the data packets 
from said mobile host, said AP determines whether to change the key according to value of said 
encryption identifier (See the rejection in claims 7 and 8 and Wang, Para 26-28. . . embodiment
wherein AS generates the new key and sends it to the AP).
a. Referring to claim 9: 

Regarding claim 9, the combination of Zhang and Wang teaches the method for 
distributing encryption keys in the WLAN of claim 1 wherein in order to achieve encryption 
communication with the new key, when receiving the data packets encrypted with the key sent 
from said mobile host, said AP updates the key periodically or aperiodically through the 
following steps of: (a4) said AP generating a new key in any way and encrypting said new key 
with the present key, then sending said new key to said AP, whereas sending the encrypted new 
key to said mobile host via said AP; (b4) after receiving said new key, said AP sending a key 
update message to said mobile host; (c4) when receiving the encrypted key from said 
authentication device and said key update message from said AP, said mobile host decrypting the 
encrypted key with the present key to obtain a new key; (d4) said mobile host encrypting the data 
packets to be sent to said AP with said new key and then sending the encrypted data packets to 
said AP, during the encryption process, said mobile host adding an encryption identifier to said 
data packets and changing the value of said encryption identifier to indicate the communication 
key has been changed; and (e4) when receiving the data packets from said mobile host, said AP 
determines whether to change the key according to value of said encryption identifier (See the 
rejection in claims 6, 7 and 8).

Conclusion 

5. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event,
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to IZUNNA OKEKE whose telephone number is (571)270-3854. 
The examiner can normally be reached on 9:00am - 5:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (571) 272-3799. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. 

Examiner, Art Unit 2432
Supervisory Patent Examiner, Art Unit 2432



